This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XN4cWDSShrePPj29q6_o3K_2ojY.roa
File:                     XN4cWDSShrePPj29q6_o3K_2ojY.roa (raw, json)
Hash identifier:          vuoDK1BfSZ35r7u8c+na03mIsXim0hhi56vk+NZVnfE=
Subject key identifier:   5C:DE:1C:58:34:92:86:B7:8F:3E:3D:BD:AB:AF:E8:DC:AF:F6:A2:36
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019B7F15B9713E53D0F2F40F196466810C4B
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XN4cWDSShrePPj29q6_o3K_2ojY.roa
Signing time:             Fri 02 Jan 2026 14:21:28 +0000
ROA not before:           Fri 02 Jan 2026 14:21:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31627
IP address blocks:        195.76.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:b9:71:3e:53:d0:f2:f4:0f:19:64:66:81:0c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 14:21:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cde1c58349286b78f3e3dbdabafe8dcaff6a236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2d:af:4e:dc:9c:c8:d4:8c:94:b8:ff:2f:8f:
                    23:16:a1:38:76:d2:72:2d:b1:d8:8a:dd:5b:36:fc:
                    fb:6d:9f:9e:80:39:c9:a2:9a:a7:d8:be:bc:b8:af:
                    c8:c2:d5:11:f1:38:c4:bf:1e:c6:3e:fc:47:91:31:
                    a8:a7:90:c5:7e:ae:22:15:6c:7d:bc:57:6d:24:b3:
                    30:76:0b:1a:5b:70:af:7a:9d:14:bd:c2:99:de:4c:
                    59:aa:ac:d0:89:ac:82:87:a6:c3:1e:f7:44:77:db:
                    f4:7b:88:ea:bb:1f:cf:f3:d2:5f:09:96:09:78:9b:
                    f0:88:a6:4c:55:6c:b6:7a:b8:cc:3a:e4:d7:cc:35:
                    98:56:82:8e:68:22:b6:7d:fa:0c:56:cb:54:06:85:
                    3c:02:51:e0:fe:4a:3d:33:5b:ca:50:03:f9:a3:5c:
                    0d:68:6b:57:26:93:b6:4f:d6:47:5a:2e:c0:31:28:
                    eb:57:72:31:90:1c:54:b9:21:a8:3f:d2:90:64:83:
                    5a:68:9d:8d:8d:bd:6d:da:1c:9b:55:75:99:b9:dc:
                    9b:26:e7:5f:3a:fa:15:5a:16:21:49:5b:ef:ef:af:
                    3c:10:34:af:5f:f1:63:2b:de:3d:c8:5e:b0:21:d0:
                    df:58:5a:34:d0:9c:46:7d:29:b9:70:0e:58:b5:ba:
                    42:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:DE:1C:58:34:92:86:B7:8F:3E:3D:BD:AB:AF:E8:DC:AF:F6:A2:36
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/XN4cWDSShrePPj29q6_o3K_2ojY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.76.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:66:b5:0b:fd:05:43:b7:9f:88:5e:dd:af:6f:25:e3:8f:bf:
         1a:1b:51:89:a5:8b:24:d8:71:08:de:c0:b1:66:c3:f7:fb:01:
         31:56:c0:59:29:86:24:91:85:75:fa:32:92:88:f3:4d:48:a4:
         86:12:51:62:47:9c:47:52:e8:4c:88:d9:fd:f9:68:d5:34:e9:
         d4:ce:72:fe:c5:07:c4:cf:1a:17:04:a6:59:1f:2c:fa:f3:b9:
         7c:29:d4:2e:fa:ae:93:f8:a3:90:f7:71:e6:08:21:88:db:4d:
         51:f2:57:5d:49:4c:5e:ac:d8:3b:ae:40:8a:41:6c:93:e8:1f:
         7d:a9:50:13:6a:ec:e5:5d:79:4d:de:11:32:45:04:a4:dd:ff:
         19:55:b8:73:50:9b:99:24:cb:9b:e6:6a:54:e3:91:7a:88:b5:
         ff:d4:37:f5:81:fd:8d:bb:a1:00:0a:28:58:cb:23:28:ad:9e:
         1a:38:66:5c:3f:ec:9b:59:4e:77:5a:02:4d:ff:99:bc:f4:53:
         bc:2c:88:7f:01:c8:29:43:2e:87:d4:de:90:ef:63:29:8e:35:
         b7:79:c5:1c:ea:e1:b0:a1:86:f3:a6:fd:be:35:80:a2:41:6a:
         f0:8a:6a:52:36:a2:5c:a3:87:5e:83:b7:f6:db:fd:72:53:1b:
         fb:62:f6:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FblxPlPQ8vQPGWRmgQxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjYwMTAyMTQyMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2RlMWM1ODM0OTI4NmI3OGYzZTNkYmRhYmFmZThkY2FmZjZhMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAni2vTtycyNSMlLj/L48jFqE4dtJy
LbHYit1bNvz7bZ+egDnJopqn2L68uK/IwtUR8TjEvx7GPvxHkTGop5DFfq4iFWx9
vFdtJLMwdgsaW3Cvep0UvcKZ3kxZqqzQiayCh6bDHvdEd9v0e4jqux/P89JfCZYJ
eJvwiKZMVWy2erjMOuTXzDWYVoKOaCK2ffoMVstUBoU8AlHg/ko9M1vKUAP5o1wN
aGtXJpO2T9ZHWi7AMSjrV3IxkBxUuSGoP9KQZINaaJ2Njb1t2hybVXWZudybJudf
OvoVWhYhSVvv7688EDSvX/FjK949yF6wIdDfWFo00JxGfSm5cA5YtbpCRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzeHFg0koa3jz49vauv6Nyv9qI2MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvWE40Y1dEU1NocmVQUGoyOXE2X28zS18yb2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0wJMA0G
CSqGSIb3DQEBCwUAA4IBAQDRZrUL/QVDt5+IXt2vbyXjj78aG1GJpYsk2HEI3sCx
ZsP3+wExVsBZKYYkkYV1+jKSiPNNSKSGElFiR5xHUuhMiNn9+WjVNOnUznL+xQfE
zxoXBKZZHyz687l8KdQu+q6T+KOQ93HmCCGI201R8lddSUxerNg7rkCKQWyT6B99
qVATauzlXXlN3hEyRQSk3f8ZVbhzUJuZJMub5mpU45F6iLX/1Df1gf2Nu6EACihY
yyMorZ4aOGZcP+ybWU53WgJN/5m89FO8LIh/AcgpQy6H1N6Q72MpjjW3ecUc6uGw
oYbzpv2+NYCiQWrwimpSNqJco4deg7f22/1yUxv7YvZd
-----END CERTIFICATE-----